[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 17 Jul 2022 13:10:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1f7e782e by security tracker role at 2022-07-17T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-36128
+       RESERVED
+CVE-2022-36127
+       RESERVED
+CVE-2022-2454
+       RESERVED
+CVE-2022-2453
+       RESERVED
+CVE-2022-2452
+       RESERVED
+CVE-2022-2451
+       RESERVED
 CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition 
before 7.9.20 ...)
        TODO: check
 CVE-2022-2450
@@ -20,8 +32,8 @@ CVE-2017-20139
        RESERVED
 CVE-2016-15003
        RESERVED
-CVE-2015-10003
-       RESERVED
+CVE-2015-10003 (A vulnerability, which was classified as problematic, was 
found in Fil ...)
+       TODO: check
 CVE-2022-36125
        RESERVED
 CVE-2022-36124
@@ -648,8 +660,8 @@ CVE-2022-35863
        RESERVED
 CVE-2022-35862
        RESERVED
-CVE-2022-35861
-       RESERVED
+CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain 
privileges via a ...)
+       TODO: check
 CVE-2022-35860
        RESERVED
 CVE-2022-35859
@@ -3588,8 +3600,8 @@ CVE-2022-2224
        RESERVED
 CVE-2022-2223
        RESERVED
-CVE-2022-2222
-       RESERVED
+CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not 
ensure th ...)
+       TODO: check
 CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of 
Devolutio ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-2220
@@ -4198,8 +4210,8 @@ CVE-2022-2196
        RESERVED
 CVE-2022-2195
        RESERVED
-CVE-2022-2194
-       RESERVED
+CVE-2022-2194 (The Accept Stripe Payments WordPress plugin before 2.0.64 does 
not san ...)
+       TODO: check
 CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has 
been de ...)
        NOT-FOR-US: Apple iPhone
 CVE-2022-34463
@@ -4446,10 +4458,10 @@ CVE-2022-2189
        RESERVED
 CVE-2022-2188
        RESERVED
-CVE-2022-2187
-       RESERVED
-CVE-2022-2186
-       RESERVED
+CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does 
not esca ...)
+       TODO: check
+CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not 
sanitise  ...)
+       TODO: check
 CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager 
Plugin 3.4.4 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2017-20096 (A vulnerability classified as problematic has been found in 
WP-SpamFre ...)
@@ -4658,18 +4670,18 @@ CVE-2022-2175 (Buffer Over-read in GitHub repository 
vim/vim prior to 8.2. ...)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
        NOT-FOR-US: microweber
-CVE-2022-2173
-       RESERVED
+CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 
does not e ...)
+       TODO: check
 CVE-2022-2172
        RESERVED
 CVE-2022-2171
        RESERVED
 CVE-2022-2170
        RESERVED
-CVE-2022-2169
-       RESERVED
-CVE-2022-2168
-       RESERVED
+CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 
1.0.83 do ...)
+       TODO: check
+CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not 
escape a  ...)
+       TODO: check
 CVE-2022-2167
        RESERVED
 CVE-2022-34270
@@ -4962,22 +4974,22 @@ CVE-2022-2153
        NOTE: 
https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
 CVE-2022-2152
        RESERVED
-CVE-2022-2151
-       RESERVED
+CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 
3.7.3 do ...)
+       TODO: check
 CVE-2022-2150
        RESERVED
-CVE-2022-2149
-       RESERVED
-CVE-2022-2148
-       RESERVED
+CVE-2022-2149 (The Very Simple Breadcrumb WordPress plugin through 1.0 does 
not sanit ...)
+       TODO: check
+CVE-2022-2148 (The LinkedIn Company Updates WordPress plugin through 1.5.3 
does not s ...)
+       TODO: check
 CVE-2022-2147 (Cloudflare Warp for Windows from version 2022.2.95.0 contained 
an unqu ...)
        NOT-FOR-US: Cloudflare Warp for Windows
-CVE-2022-2146
-       RESERVED
+CVE-2022-2146 (The Import CSV Files WordPress plugin through 1.0 does not 
sanitise an ...)
+       TODO: check
 CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) 
allowed cre ...)
        NOT-FOR-US: Cloudflare WARP client for Windows
-CVE-2022-2144
-       RESERVED
+CVE-2022-2144 (The Jquery Validation For Contact Form 7 WordPress plugin 
before 5.3 d ...)
+       TODO: check
 CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored 
cross-s ...)
        NOT-FOR-US: IBM
 CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to 
cross-site scr ...)
@@ -5018,8 +5030,8 @@ CVE-2022-2135
        RESERVED
 CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree 
prior to 0. ...)
        NOT-FOR-US: inventree
-CVE-2022-2133
-       RESERVED
+CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't 
valida ...)
+       TODO: check
 CVE-2022-2132
        RESERVED
 CVE-2022-2131
@@ -5598,8 +5610,8 @@ CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 
3.6.7) service class provide
        - dcmtk <unfixed> (bug #1014044)
        [bullseye] - dcmtk <no-dsa> (Minor issue)
        [buster] - dcmtk <no-dsa> (Minor issue)
-CVE-2022-2118
-       RESERVED
+CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and 
escape it ...)
+       TODO: check
 CVE-2014-125025 (A vulnerability classified as problematic has been found in 
FFmpeg 2.0 ...)
        - ffmpeg <not-affected> (Fixed before re-introduction to Debian as 
src:ffmpeg)
        NOTE: Fixed by: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9dbc13836cd52cda594f819d17af9afa2
 (n2.2-rc1)
@@ -5720,8 +5732,8 @@ CVE-2022-2116
        RESERVED
 CVE-2022-2115
        RESERVED
-CVE-2022-2114
-       RESERVED
+CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 
1.10.20 ...)
+       TODO: check
 CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository 
inventree/inv ...)
        NOT-FOR-US: inventree
 CVE-2022-2112 (Improper Neutralization of Formula Elements in a CSV File in 
GitHub re ...)
@@ -5857,10 +5869,10 @@ CVE-2022-33870
        RESERVED
 CVE-2022-33869
        RESERVED
-CVE-2022-2100
-       RESERVED
-CVE-2022-2099
-       RESERVED
+CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not 
sanitise and ...)
+       TODO: check
+CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to 
stored  ...)
+       TODO: check
 CVE-2022-2098 (Weak Password Requirements in GitHub repository 
kromitgmbh/titra prior ...)
        NOT-FOR-US: Titra
 CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson 
S8. Aff ...)
@@ -6108,8 +6120,8 @@ CVE-2022-2092 (The WooCommerce PDF Invoices &amp; Packing 
Slips WordPress plugin
        NOT-FOR-US: WordPress plugin
 CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not 
implement nonc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2090
-       RESERVED
+CVE-2022-2090 (The Discount Rules for WooCommerce WordPress plugin before 
2.4.2 does  ...)
+       TODO: check
 CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33758
@@ -9397,8 +9409,8 @@ CVE-2022-32322
        RESERVED
 CVE-2022-32321
        RESERVED
-CVE-2022-32320
-       RESERVED
+CVE-2022-32320 (A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and 
Ferdium ...)
+       TODO: check
 CVE-2022-32319
        RESERVED
 CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a 
persistent  ...)
@@ -10908,8 +10920,8 @@ CVE-2022-31795 (An issue was discovered on Fujitsu 
ETERNUS CentricStor CS8000 (C
        NOT-FOR-US: Fujitsu
 CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 
(Control ...)
        NOT-FOR-US: Fujitsu
-CVE-2022-1933
-       RESERVED
+CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and 
escape a p ...)
+       TODO: check
 CVE-2022-1932
        RESERVED
 CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request 
binding. ...)
@@ -14634,8 +14646,7 @@ CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer 
Overflow. ...)
        NOTE: Fixed by: 
https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552
 (v2022.07-rc4)
 CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker 
to cause  ...)
        NOT-FOR-US: OPC UA Legacy Java Stack
-CVE-2022-30550 [Privilege escalation possible in dovecot when imilar master 
and non-master passdbs are used]
-       RESERVED
+CVE-2022-30550 (An issue was discovered in the auth component in Dovecot 2.2 
and 2.3 b ...)
        - dovecot <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/9
        NOTE: 
https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904
@@ -14654,8 +14665,8 @@ CVE-2022-1674 (NULL Pointer Dereference in function 
vim_regexec_string at regexp
        NOTE: Negligible security impact; crash in CLI tool
 CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 
1.0.2 doe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1672
-       RESERVED
+CVE-2022-1672 (The Insights from Google PageSpeed WordPress plugin before 
4.0.7 does  ...)
+       TODO: check
 CVE-2022-1671
        RESERVED
        - linux 5.17.3-1
@@ -100634,8 +100645,8 @@ CVE-2021-24657 (The Limit Login Attempts WordPress 
plugin before 4.0.50 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 
3.2.4 do ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24655
-       RESERVED
+CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not 
ensure that ...)
+       TODO: check
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not 
properly  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly 
sanitis ...)
@@ -174671,8 +174682,8 @@ CVE-2020-7643 (paypal-adaptive through 0.4.2 
manipulation of JavaScript objects
        NOT-FOR-US: Node paypal-adaptive
 CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious 
JavaScript. The  ...)
        NOT-FOR-US: Node lazysizes
-CVE-2020-7641
-       RESERVED
+CVE-2020-7641 (This affects all versions of package grunt-util-property. The 
function ...)
+       TODO: check
 CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary 
commands. The  ...)
        NOT-FOR-US: Node pixl-class
 CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype 
Pollution.T ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7e782eea22fec7ab83ffb415fcedb108698ed2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7e782eea22fec7ab83ffb415fcedb108698ed2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to